Posts Tagged ‘server.xml’

Update on DOORS Web Access, server.xml and Tomcat…

It appears I was incorrect! When you modify your server.xml file, you may or may not need to add SSLEnabled="true" to your SSL connector piece. And neither of the Tomcat servers I’ve seen modified to support SSL ever required keyAlias="server" for what it’s worth.

 

Again, this is in reference to an earlier post on converting a PFX file to a JKS file for Tomcat.

Converting a PFX file to a Java Keystore & using it w/ Tomcat

So a couple of months ago I had to stand up a DOORS Web Access server for work. It was pretty straightforward except for the creation of a certificate in your Java Keystore and then using it inside of your Tomcat server’s server.xml file.

To create the Java Keystore file you’ll first need to have downloaded Jetty, which will do the command-line magic for you. I downloaded it from the codehaus.org website but you can find it by doing a Google for Jetty keytool. Once downloaded, ensure your Java environment is set up correctly by issuing via command-line java -classpath lib/jetty-6.1.1.jar org.mortbay.jetty.security.PKCS12Import. It should return back w/ usage information letting you know your Java environment is set up for command-line Java execution. Next, put your PFX file in the same directory where you are via command-line and then issue java -classpath lib/jetty-6.1.1.jar org.mortbay.jetty.security.PKCS12Import <mycert>.pfx <myjavakeystorefile>.jks. You’ll be prompted for the password that allows you to use the PFX file, then you’ll be asked for a password for your JKS file. Once it’s done, you’ll have your Java Keystore and password.

Now, you need to open up your server.xml file and find the SSL part, which needs to be modified to point to your Java Keystore file. When I found my server.xml file the https port was changed to 8443, which from what I hear is pretty common. I simply changed mine back to 443 so I wouldn’t have to do any firewall redirection. Now, I simply had to add SSLEnabled="true" keyAlias="server" keystoreFile="C:\path\to\keystore\file\mykeystorefile.jks" keypass="supersecretpasswordwhichI'mnotstupidenoughtoblogabout". Once I had those attributes correctly set I simply stopped and restarted the Tomcat server.
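A pre-restart check for the edited server.xml, added here as an example and not taken from the original post or from Tomcat: it reports, per HTTPS connector, which of the attributes discussed above are missing and whether the keystore password sits in the file in clear text. The function name, the sample XML and the placeholder password are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# "keypass" is the spelling used in the post; "keystorePass" is the one in
# Tomcat's documentation. Either one puts the password in server.xml.
PASSWORD_ATTRS = ("keypass", "keystorePass")

def audit_ssl_connectors(server_xml_text):
    """Return one report per HTTPS-looking <Connector> in a server.xml string."""
    reports = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        a = conn.attrib
        ssl_on = a.get("SSLEnabled", "").lower() == "true"
        if not (ssl_on or a.get("scheme") == "https" or "keystoreFile" in a):
            continue  # plain HTTP or AJP connector, nothing to check
        findings = []
        if not ssl_on:
            findings.append('SSLEnabled is not "true"; where Tomcat supports '
                            "the attribute, its default is false")
        if "keystoreFile" not in a:
            findings.append("no keystoreFile; Tomcat looks for .keystore in "
                            "the home directory of the account running it")
        if "keyAlias" not in a:
            findings.append("no keyAlias; Tomcat uses the first key it reads "
                            "from the keystore")
        if any(p in a for p in PASSWORD_ATTRS):
            findings.append("keystore password is in clear text; restrict "
                            "read access to server.xml")
        else:
            findings.append("no keystore password; Tomcat tries its default")
        reports.append({"port": a.get("port"), "findings": findings})
    return reports

# Constructed sample, not a real configuration. The second HTTPS connector
# leaves out the attributes the update post was unsure about.
SAMPLE = r"""<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="443"/>
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
             keyAlias="server" keypass="constructed-placeholder"
             keystoreFile="C:\path\to\keystore\file\mykeystorefile.jks"/>
  <Connector port="8443" scheme="https" secure="true"
             keystoreFile="C:\path\to\keystore\file\mykeystorefile.jks"/>
</Service></Server>"""

if __name__ == "__main__":
    for report in audit_ssl_connectors(SAMPLE):
        print("port", report["port"])
        for finding in report["findings"]:
            print("  -", finding)
```

To check a real file, pass its contents to audit_ssl_connectors() in place of SAMPLE.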

All credit really goes to DigiCert & Entrust 🙂

Jetty tool kit explained:
http://www.entrust.net/knowledge-base/technote.cfm?tn=7925

Tomcat SSL certificate installation:
http://www.digicert.com/ssl-certificate-installation-tomcat.htm

Jetty’s website:
http://docs.codehaus.org/display/JETTY/Jetty+Wiki
